By Laurent Colombant, Continuous Controls and Fraud Manager, SAS
When we think of financial crime, few would consider procurement fraud to be one of the most pressing threats facing their business. Yet according to PwC, this form of fraud is the second-most commonly reported economic crime in the world, ranking above bribery, corruption and even cybercrime.
The question is – who should lead counter-fraud efforts? Worryingly, businesses seem unclear on the answer. Our latest research report, Unmasking the Enemy Within, found there was no clear leader or common approach to procurement fraud prevention across businesses. Indeed, almost a quarter (23 per cent) of business leaders have no clear owner assigned to the task or can’t say who is responsible.
Finance in the firing line
What’s not in question, however, is who’s held responsible for the damages that fraud inflicts. While CFOs might not be involved in day-to-day anti-fraud operations, they are frequently first in the firing line when procurement fraud is uncovered. In 2014, for example, Sino-Forest Corp CFO David Horsley was fined C$700,000 by regulators for failing to prevent fraud under his watch. Furthermore, he was permanently banned from being a public company officer or corporate director, and was ordered to pay $5.6 million to the company’s investors following a class action settlement.
While they are unlikely to coordinate fraud efforts single-handedly, 31 per cent of companies place ultimate responsibility for fraud in the CFO’s hands – more than any other role. That’s hardly surprising, given that fraud has a direct impact on the bottom line, with over half of businesses (55 per cent) reporting losses of up to €400,000 per year.
While we are not arguing that the finance department should be the command and control centre for anti-fraud efforts, it’s clear that the CFO has a crucial role to play in tackling procurement fraud. They are the ones who guide purchase decisions, who oversee risk management or audits and, ultimately, have the final say in what anti-fraud capabilities a company is equipped with.
Even so, it’s unfair to expect the finance department to shoulder the entire burden themselves. Just as IT security in the organisation is everyone’s responsibility, so too must accountability and responsibility for fraud be embedded throughout the workplace.
Invest for success – modernising the detection process
Yet there is much that the finance department can do to help uncover incidents of fraud – not least conducting regular audits. Around half businesses (46 per cent) claim to hold regular internal audits, but many of these exclude procurement fraud from their remit. More worrying still, more than one in 10 (11 per cent) organisations admit to either doing nothing to audit for procurement fraud or are unable to say what they do. A further fifth (22 per cent) fail to audit for procurement fraud at all.
That one in three companies aren’t actively searching for procurement fraud, or don’t know what processes cover it, suggests a blind spot that potential fraudsters could easily exploit.
Finance needs to look at areas where existing auditing process are letting them down. When we look at how organisations deal with procurement fraud, 29 per cent validate procurement applications manually while a further 30 per cent rely on staff to inform them of any wrongdoing. Both carry a high risk of human error, potentially minimising or masking the true scale of the problem.
Ultimately, the buck stops with the CFO, which is why they should consider a new approach to auditing based on continuous and automated detection. This is only possible with a strong foundation of advanced analytics that assists investigators in pinpointing the needles in the haystack. A company’s ability to identify and prevent fraud rests, to a very great extent, on the good judgment of the CFO in selecting the right systems to prevent fraud from happening in the first place and deterring anyone with ill intentions.
Continuous, data-driven detection represents the best way to fight procurement fraud and identify errors, enabling companies to pre-empt signs of fraudulent activity rather than discover it after it’s taken place. This limits costs, saves time as well as reputation and prevents losses.
Yet only a small minority of organisations are using advanced analytics (14 per cent) and AI (nine per cent) technologies in their anti-fraud efforts. The most common obstacle to adoption is the perceived cost of the technologies, but this could well be short-term thinking on the part of the CFO. While there is an upfront cost implicit in any implementation, an effective fraud detection tool will quickly make its money back in the losses it prevents and the monies it helps recoup.
The finance department should not be afraid to make the case for investment in the latest advanced analytics and AI solutions. Procurement fraud is too serious and too costly to make short-term capex savings in favour of the long-term ROI offered by analytics-enabled security. After all, the buck stops with them.